Role Insights in SailPoint AI-Driven Identity Security

Date Posted:

9 Oct 2025

Category:

Security

Role Insights in SailPoint AI-Driven Identity Security

Date Posted:

9 Oct 2025

Category:

Security

Role Insights in SailPoint AI-Driven Identity Security

Date Posted:

9 Oct 2025

Category:

Security

SailPoint Role Insights: AI-Driven Identity Security for Smarter Access Management

Introduction Of SailPoint AI-Driven Identity Security Role Insights

Role Insights helps you improve and secure existing roles by pointing out entitlements frequently held by role members but missing from the role

For example, the “Project Manager” role may lack entitlements like Project Tracker and Status Dashboard, even though nearly all users assigned to that role already have those entitlements individually.

Role Insights highlights such missing entitlements; you can then review these suggestions and add the missing entitlements to the role.

Working with Role Insights

Access Role Insights

Navigate to Admin > Access Model > Role Insights. Organization must have the Access Modeling (AI) module enabled. This feature is available to Org Admins and Role Admins.

Review Suggested Entitlements

Role Insights analyses existing roles and the entitlements they include, as well as entitlements that users assigned to those roles already have individually (outside of the role).

It identifies entitlements where at least 80% of role members already have them even if those entitlements are not part of the role definition and may be assigned individually.

The tool then flags these as suggestions to add to the role, based on these criteria:

The entitlement isn’t currently in the role
It’s popular (≥ 80%) among members of that role
The entitlement originates from a source already linked to that role

For each suggested entitlement, Role Insights shows:

Impacted identities - those users who would gain access if you add the entitlement to the role
Identities with entitlement - those who already have it through another path (so they wouldn't gain anything new)

Role Insights Dashboard Metrics:

Auto-Discovered Roles - Suggested roles that SailPoint identifies automatically, based on shared entitlements among users.
Access Included in Roles - The proportion of all entitlements that are currently assigned to users through roles.
Identities with Access from Roles - The percentage of users whose access is granted via roles rather than individual entitlements.

Exporting Suggested Role Updates

After reviewing recommended entitlement changes for the roles in Role Insights, admin can export these suggestions to CSV and then apply the changes to the roles manually.

Conclusion

Role Insights helps you fine-tune existing roles, ensuring they're aligned with user behaviour and security best practices. Role discovery is another AI-driven feature that helps you identify and build new roles based on actual patterns of access within your organization. Both are part of SailPoint’s Access Modeling framework where Role Insights maintains and strengthens existing roles, and role discovery expands the role model with new, relevant roles.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Category:

Security

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Stay tuned to our blog to see more posts about

Sailpoint products implementation and its related updates.

Category:

Security

Get your

Tailored Quote for your

Organisation

Get your

Tailored Quote for your

Organisation

SailPoint Role Insights: AI-Driven Identity Security for Smarter Access Management

Introduction Of SailPoint AI-Driven Identity Security Role Insights

Role Insights helps you improve and secure existing roles by pointing out entitlements frequently held by role members but missing from the role

Role Insights highlights such missing entitlements; you can then review these suggestions and add the missing entitlements to the role.

Working with Role Insights

Access Role Insights

Navigate to Admin > Access Model > Role Insights. Organization must have the Access Modeling (AI) module enabled. This feature is available to Org Admins and Role Admins.

Review Suggested Entitlements

Role Insights analyses existing roles and the entitlements they include, as well as entitlements that users assigned to those roles already have individually (outside of the role).

It identifies entitlements where at least 80% of role members already have them even if those entitlements are not part of the role definition and may be assigned individually.

The tool then flags these as suggestions to add to the role, based on these criteria:

The entitlement isn’t currently in the role
It’s popular (≥ 80%) among members of that role
The entitlement originates from a source already linked to that role

For each suggested entitlement, Role Insights shows:

Impacted identities - those users who would gain access if you add the entitlement to the role
Identities with entitlement - those who already have it through another path (so they wouldn't gain anything new)

Role Insights Dashboard Metrics:

Auto-Discovered Roles - Suggested roles that SailPoint identifies automatically, based on shared entitlements among users.
Access Included in Roles - The proportion of all entitlements that are currently assigned to users through roles.
Identities with Access from Roles - The percentage of users whose access is granted via roles rather than individual entitlements.

Exporting Suggested Role Updates

After reviewing recommended entitlement changes for the roles in Role Insights, admin can export these suggestions to CSV and then apply the changes to the roles manually.

Conclusion

Next Blog